Delta: Good Goes Around
Descripción
1 Running head: DELTA GOOD GOES AROUND
Delta: Good Goes Around Steven I. Davis CSEC 630 9046, Individual Assignment University of Maryland, University College
2 DELTA GOOD GOES AROUND
Table of Contents Introduction......................................................................................................................................3 Mission.............................................................................................................................................3 Organizational Policy and Governance............................................................................................4 Structure...........................................................................................................................................6 Threats..............................................................................................................................................8 Risks and Vulnerabilities..................................................................................................................9 Wireless Systems........................................................................................................................11 Data at Rest................................................................................................................................12 Preventative Structures...................................................................................................................13 Authentication............................................................................................................................14 Access control............................................................................................................................15 Encryption and Data Signing.....................................................................................................16 Intrusion Detection and Prevention............................................................................................17 Conclusion......................................................................................................................................18 References......................................................................................................................................19
3 DELTA GOOD GOES AROUND
Introduction Delta Airlines is one of the largest air carriers in the world with operations on six continents. This physical area, continuous operations, and a large numbers of customers serviced, demand a robust network. Delta’s network has evolved to meet both a changing business and information threat environment. Their centralized information flow model presents challenges requiring targeted security solutions. This paper intends to be a holistic study of the information systems related to Delta’s business model. This includes the entire travel chain from ticket booking and reservation, counter and gate operations, luggage and flight tracking, public wifi access, and coverage of flight traffic deconfliction systems where applicable. While Delta might not necessarily exercise control over all of these systems, nor bear legal or financial responsibility for their proper functioning, failure of any one of them could negatively impact Delta’s public image in whole or in part resulting in customers moving to other airlines or modes of transportation. Corporations are understandably reluctant to publicly disclose the security configuration of their networks, as this would give malicious actors insight into the most productive methods of attack. While security by obscurity is widely regarded as an ineffective practice to protect general practices and techniques, there is value in keeping the architecture of a particular network secret. Where the particular security configuration or technique used on a section of the network used by Delta Airlines was unavailable this paper provides recommendations based off of industry best practices and government publications.
Mission While Delta has no publicly published mission statement, it has had continuously evolving mottoes and slogans since inception. Its current slogan is “Keep Climbing,” which was preceded by
4 DELTA GOOD GOES AROUND “Good Goes Around” (“TRADEMARKS & SLOGANS,” n.d.). These slogans imply two closely aligned goals. The first identifies with increasingly improving their ability to provide service and sustain operations. The second is an indicator of a horizontally aligned business, with the expectation that indirectly associated business ventures will benefit one another. This is seen in the development of their IT systems, where disparate initiatives work together to improve efficiency, such as online booking and flight scheduling systems. However, with each interconnected network entry point a vulnerability is created. In a presentation at its Investor Day 2016 the CEO provided the following goal for Delta to be, “Setting the standard for financial, operational and service excellence in the airline industry” (Bastian, 2016). This shows an intention to not only be the leader in the industry, but to do so in such a way that other airlines follow Delta’s lead. This can be seen in their early adoption of many technologies, such as RFID tracking and maintenance of cargo and parts, customer wifi service, and mobile checkin.
Organizational Policy and Governance Information protection policy is the cornerstone around which technology architecture decisions are made. All choices of how to protect the network should be balanced against policy, cost, and performance requirements. Users are often highlighted as the weakest link in the security chain, highlighting the need for firm policy. Published policy for employee use and network architecture decisions at Delta was unavailable. The particular nature of their business and network dictates that their Acceptable Use Policy (AUP) highlight a few key areas from general AUP guidance. The use of proprietary hardware assets and custom software systems dictates that they will be monitored. With the high amounts of customer data, there should be no expectation of privacy; the loss of customer data creates a potential for liability, and thus must be monitored. Loss of mission critical systems creates a hazard to life, and any action which impedes their availability,
5 DELTA GOOD GOES AROUND whether intentional or accidental, should be strongly addressed (Doherty, Anastasakis, & Fulford, 2011). Setting these standards for employees removes any doubt as to what constitutes incorrect actions and eliminates queries after a security incident. Any consumer based organization should post policy relating to the information it collects on customers. If not only to educate them, it also sets a precedent during any legal proceedings for how customers could expect their data to be protected. In 2012 the State of California filed a complaint against Delta for failing to comply with mobile application privacy laws. In particular, no privacy policy was supplied for the information collected by the “Fly Delta App” which allowed travelers to check-in, change itineraries, and track luggage. The items of information collected included full names, date of birth, passport number, photographs, other elements of personally identifiable information, and geolocations (“California Attorney General Sues Delta Airlines,” 2012). An oversight of this sort demonstrates a large corporation transitioning from legacy reservation systems to mobile Web 2.0 type technologies and the challenges they face protecting consumer information. While it is likely not indicative of intentional malfeasance, it does show the need for competent legal support versed in the privacy aspects of current technologies. Delta revised their privacy policy in early 2013, possibly in response to the suit. Separate policies are published for the “Fly Delta App” and reservations made through the normal website. The mobile policy discloses that the information discussed in the lawsuit will be collected, as well as redress numbers, that is emergency numbers called in the case of death or emergency. Users may use the app either as a guest or by logging into it with their Sky Miles customer loyalty number. In either case this generates a unique anonymous ID based off of the device hardware and operating system. Location information is collected on an Opt-Out basis using GPS, Wi-fi, and cell tower proximity to provide push notifications of airport maps, status of Delta Sky Clubs, and other traveler services. Deleting the mobile app will remove any collected information from the user’s phone, however deleting a Sky Miles account is required to remove information from Delta’s
6 DELTA GOOD GOES AROUND servers Similar processes are in place for interactions on the Delta web site, involving information relating to web browser, operating system, and time and date of individual pages accessed on the site (Delta Airlines, 2013). Delta performs an adequate job of specifying which information will be collected, although more information could be provided explaining how location and device information is used for customer tracking and advertising, within the limits of disclosing proprietary algorithms. A method of clearing data collected by the app without cancelling a Sky Miles account would useful for customers protecting individual trip privacy.
Structure Delta follows a unified information flow model consisting of four elements: core business processes, data sharing driving these core processes, linking and automation technologies, and key customers. In this model, technologies like enterprise resource planning (ERP) and other application packages, enable the sharing of files and other data across databases, which drive the core processes. These include the customer experience, operational pipeline, market intelligence, and employee relationship management (Sabherwal & Becerra-Fernandez, 2011). This information flow model drives the centralized information flow structures it has adopted. The core of Delta’s system architecture is a nine database system called Delta Nervous System, or DNS, illustrated in Figure 1. These interrelated databases are used to track individual flights, schedules, maintenance, tickets, equipment, and other essential items. Events including departures, events on flights in progress, unloading of aircraft, and cleaning are used to update the status of elements in this database. From these elements customer and flight profiles are built around topics ranging from baggage handling and reservations to Skymiles customer loyalty programs and Crown Room VIP lounges. Every Delta provides is in some way linked to this hub, whether for keeping flights on time or enabling customers to purchase tickets. Initial ticket reservation systems were based around centralized internal servers. In the early 2000s airlines began moving to Global Distribution Systems, or GDS’s, in response to the
Figure 1 - Ross, Weill, & Robertson, 2006
7 DELTA GOOD GOES AROUND competition and low-level persistent denial of services conditions created by repeated queries from the then emerging online ticket vendors (Meehan, 2001). GDS’s are the networks which link the booking process of travel service providers, including airlines, hotels, and car rental agencies. Using a GDS streamlines the entire trip booking process for a customer or travel agent. The largest GDS’s were created as joint ventures between several airlines, but most airlines allow tickets to be booked through several, regardless of the additional creators. In addition to the proprietary Online Agency Service (OASC) and Exclusive Discount Program (EDP) operated internally, Delta is connected to the various booking products available through the Sabre, Galileo, Worldspan, and Amadeus systems (“COST RECOVERY FEE: DELTA AIR LINES”, 2007). While multiple ticket booking methods and integration into the Delta information network represents an obvious profit generation method, it also creates multiple entry points for malicious vectors.
Threats Threats to airlines and one which make use of airline equipment and infrastructure, come from a variety of vectors. The most apparent of these are the events which unfolded on September 11, 2001. While evidence suggests this attack did not have a cyber component, it does demonstrate the lethality and public impact that can be generated using airliners in conjunction with terrorist operations. Given the regularity with which terrorists have used them since the introduction of commercial air travel, it is inevitable that cyber terrorists or patriotic hackers will eventually use network attack in conjunction with physical attack. The majority of network attacks against airlines appear to be financially or ideologically motivated, with an emphasis on disruption rather than damage. The potential gain from an attack is attractive, with quarterly revenues in the tens of billions of dollars for major airlines (Ewalt, 2013). Give the high volume of passengers traveling daily a group which wants to cast a message by creating chaos has a ready target.
8 DELTA GOOD GOES AROUND In the spring of 2015, United Airlines reported a network breach. Investigators of the event, which resulted in the loss of private passenger information and flight manifests, linked it to the same group of likely China state sponsored hackers which stole U.S. Office of Personnel Management (OPM) in the same year (Riley & Robertson, 2015). The GDS Sabre was attacked in this same time period, possibly resulting in the loss of information on more than billion travelers (Southan, 2016). If state sponsored, the collection of such a large amount of personal information implies plans for either large scale economic or political espionage, with United simply being a convenient repository of information. In March 2016, malicious actors were able to access the accounts of British Airways Executive Club members. While no personal information was taken, the event did prompt the airline to temporarily freeze the accounts (Southan, 2016). The likely targeting of high value customers in this attack demonstrates the actors involved are able to seek the most financially lucrative targets and those whose loss would be most damaging to the airline. In August 2016, Delta cancelled 416 flights due to a power outage. In addition to rerouting customers to other Delta flights many had to be booked on other airlines. There is limited evidence to suggest a cyber-attack (Halpern, 2016). Post crisis investigation revealed it may have been a fire which shut down the transformers powering the Technology Command Center. Although power was quickly restored, essential systems did not resume functioning (“Delta Airlines flight operations return to normal,” 2016). This demonstrates that even non-technical threats can have far ranging and expensive consequences when an organization does not account for off-site recovery in their disaster plans. The event came months after similar well publicized incidents hit competitors United and Southwest. A history of mergers has resulted in a few large airlines, where any single incident can result in thousands of customers being inconvenienced. During Delta’s outage many began tweeting
9 DELTA GOOD GOES AROUND about the incident (Scroxton, 2016). This shows that there is a substantial risk of reputation loss from even a single outage.
Risks and Vulnerabilities The following table details the risks to various types of information corresponding to the CIA triad: Information Type
Confidentiality
Integrity
Availability
Aircraft control information
Low
High
High
Airline operational information
High
Medium
Medium
Airline administrative information
High
Medium
Medium
Airline passenger information
High
High
Medium (Laursen, 2015)
This implies the information for aircraft control, which includes elevators, stabilizers, and flight routing, must not be delayed or modified, for obvious reasons of safety. Confidentiality is not of great importance for this type of information as it is only of fleeting value. However, operational information (plane availability, fuel stockpiles, etc.), administrative data, and passenger information have a high value on their confidentiality, due to corporate competitiveness and protection of personally identifiable information (PII). Non-repudiation was not considered in this comparison, although it could have significant impact in post-crash analysis, most likely when assigning fault during post-crash analysis. The Delta Nervous System, or DNS, pushes data relevant to customers and employees through display screens at gates, flight information displays, kiosks, and the company website (Hackathorn, 2002). Having all data pass through the central DNS hub is advantageous to providing real time information, as there is no need to cache data at disparate nodes, like in a cloud structure. However, it also creates a single point of failure which can be disabled by power outage, natural disaster, or well executed network attack.
10 DELTA GOOD GOES AROUND The open nature of public facing websites provides the greatest exposure of vulnerabilities to threats. Online records indicate delta.com was registered with the email address (“Whois Record for Delta.com,” 2016). “A Reverse Whois Lookup search for this address revealed 322 uniform resource locators (URLs), that is unique common language domain names, registered to Delta Airlines (ViewDNS.info, 2017). Examination of these URLs by using the UNIX “ping” command and visiting the web pages served by them revealed four broad classes of sites: (1) those directly linked to core business tasks of reserving and tracking ticket sales. These redirected to the main delta.com website and were served off of an Akamai hosted webserver at IPv4 address 104.80.94.24 when accessed from southern Germany in March 2017. (2) sites related to Delta news and loyalty card members. The majority of these resolved to Amazon AWS cloud servers. (3) credit card and vacation package offers not directly tied to Delta core businesses. These resolved to a variety of non-connected servers. (4) URLs not connecting to an active web page. The large number of URLs associated with Delta, even if in a purely business sense with no technical connection, increases the attack surface available to an adversary. Some of these are almost certainly an attempt to prevent domain squatting, or the practice of a third party benefiting from the good faith of a trademark by registering a similar sounding name. The effects of this large attack surface are mitigated by hosting the domains on separate servers. On 16 March 2017 the author scanned with Nessus vulnerability scanner using a selection of plugins to find potential faults in the website (Tenable, 2017). No significant vulnerabilities were detected. However, HTTP Strict Transport Security (HSTS) was not enforced. This allows for some attacks relating to stealing session cookies, downgrading encryption, and other passive attacks (Hodges, Jackson, & Barth, 2012). Overall, the main site gives the initial appearance of being secure. More research would be required to determine if it, related public sites, and intranet sites would withstand a concerted, persistent attack.
11 DELTA GOOD GOES AROUND
Wireless Systems Wireless internet access is an attractive feature airlines offer to their business and leisure passengers. Competition and revenue opportunity in 2000 drove Delta to provide wireless LAN service in all of its Crown Room lounges and gates at many major airports, with inflight service close behind (Brewin). In flight wireless technologies present a potential vulnerability for flights. Delta provides the Gogo inflight Wi-Fi system to passengers on both domestic and international flights allowing them to work and view entertainment. Ideally, all usage of this system would be on an air-gapped network physically separated from navigation, flight control, cabin environmental control and any other critical systems. However, cost and antenna availability dictate there is some connection between the two. This creates the possibility of a user inadvertently or maliciously interfering with any system connected to the network on the plane. This is a risk which should be considered, but its indirect connection to core servers is not as existential a threat as that seen going through the public reservation systems. Use of wireless at airport lounges creates a similar, although less severe vulnerability. In contrast to the threat posed to airline systems, public access wireless exposes users’ data and devices to threats, especially customers who may be using unsecured devices. Specific methods to harden these networks will be discussed in later sections.
Data at Rest Every interaction between customer, employee, business partner, and myriad automated systems generates data traces. Much of this must be stored to satisfy legal financial record keeping obligations and aid in business analysis. Delta claims to service 180 million customers each year and employee 80,000 people worldwide (“Corporate Stats and Facts,” 2017). Delta’s CEO has publicly stated the importance of tracking information from flight data recorders and employee incident reports under voluntary industry programs to find operational and safety anomalies (Croft, 2016). Leaving this data unsecured exposes customer PII and proprietary information which could
12 DELTA GOOD GOES AROUND be potentially useful to a competitor or attacker. Data warehousing reduces the cost of storing it, as only one site must be secured, but increases the risk if that single site is compromised (Hackathorn, 2002). Securely storing probably petabytes of data should be weighed against other options like insuring against the risk of data loss and cost avoidance.
Preventative Structures Delta has demonstrated an awareness of the potential effects which could result from a network attack or other type of outage. The following entry from its 2015 Shareholder Annual Report outlines the potential for financial and operational damage from information technology infrastructure: Our information systems are subject to an increasing threat of continually evolving cybersecurity risks. Unauthorized parties may attempt to gain access to our systems or information through fraud or other means of deception. Hardware or software we develop or acquire may contain defects that could unexpectedly compromise information security. The methods used to obtain unauthorized access, disable or degrade service or sabotage systems are constantly evolving, and may be difficult to anticipate or to detect for long periods of time (Anderson & Jacobson, 2016, p. 15). This demonstrates knowledge of the nature of the risk. The statement provides further understanding that while processes and procedures will be continually updated to protect against this, not all breaches are preventable. This could have an impact on the information held relating to customers, employees, business partners as well as their ability to provide services. They recognize that while hackers and viruses are one venue of harm, natural disasters and terrorist attacks can also have an impact by effecting both internal and external systems (Anderson & Jacobson, 2016). This shows recognition of the need to invest resources not only in the development of technology platforms, but also in their protection.
13 DELTA GOOD GOES AROUND
Authentication Delta’s inclusive model of customer relations in many ways resembles a corporation with a bring-your-own-device, or BYOD, model. Customers are able to connect to the airline network through their home or hotel ISP in the days leading up to a flight to confirm bookings. They use mobile devices while transiting to the airport to check on flight status. At or prior to arriving at the airport they pull boarding passes from the Delta’s servers. Wireless networks at the airport, in customer lounges, and on the plane are used to check the status of arriving flights and connectors. Similarly maintainer and baggage handlers may need to connect to the network from remote locations at higher security level. Aircraft may switch from a satellite connection to a private campus area network when landing. Remote administration of servers at hub locations would require the highest level of security. All of this requires multiple authentication attempts on the airline network, which highlights the need for a secure, reliable enterprise authentication scheme. The existence of different classes of users and security regimes mandates a variety of authentication methods based on use case. For BYOD situations publications from the National Institute of Standards and Technology, or NIST, recommend a range of authentication methods. Where password only authentication is the most practical solution, such as with frequent customers logging purchasing tickets, attempts should be made to ensure differing passwords are used and reauthentication should be enforced during long periods of remote access. Users requiring a higher degree of security should be required to use two-factor authentication, password and cryptographic token. A software token would be appropriate for moderate security levels, for example loyalty program members and traveling management and sales personnel, as additional hardware would not be required. For higher levels of security, such as system administrators remotely configuring a server at an airport, physical tokens or biometric readings should be used. Additionally, reverse mutual authentication should be used to confirm the correct server is accessed. (Souppaya & Scarfone 2016). This will help to ensure changes effecting routing and safety are uploaded. These various authentication methods balance security, with customer convenience where needed.
14 DELTA GOOD GOES AROUND
Access control Delta is in a long-term process of moving from a centralized monolithic network to something resembling a more cloud based structure. This is most evident in their web services. As this occurs access control of data will become more important, with a stress on maintaining the integrity and availability of aircraft control systems. Sampigethaya, Poovendran, and Bushnell provide a model where systems which are more trusted, regulated, and tied to function of the airplane are provided greater access rights (2009). This would need to be blended with other aspects of Delta’s all-encompassing DNS model for several classes of data. The table represents a possible Role Based Access Control scheme for managing this data. Role
Data Class Passenger data
Aircrew
Flight routing
Aircraft / environment Internet service control systems provider
rw
r
rw
rw
802.11 users
-
-
-
rw
Maintainers
-
r
r
-
rw
r
-
rw
Baggage Handlers
r
r
-
-
Air traffic control
-
rw
r
-
Travel Agents
Under this model, aircrew would be the only network users able to modify the cabin environment or control of the airplane. However, maintainers would be able to read this information to diagnose equipment malfunctions. Aircrew and travel agents, whether human or web application, are the only authorized users to modify passenger data, but other users may read it. For example baggage handlers read passenger data along with flight routing information to determine if baggage must be sent to alternate locations. Users of public wireless 802.11 the most restrictions, able to access only internet services, although other users may do so in accordance with their duties. This unified system represents a reduction in cost compared to maintaining separate systems to manage data while preserving confidentiality, availability, and integrity of individual data pieces.
15 DELTA GOOD GOES AROUND
Encryption and Data Signing Encryption is a method of enforcing the confidentiality aspects defined above, however it is not without cost. Longer key lengths grant security for longer periods of time at the expense of greater computational resource requirements. Symmetric systems, while efficient, depend on a preshared key which must be periodically rotated. Transport Layer Security (TLS) provides a means of securely sharing information across computer networks. Given the protection requirements annotated in the Risk and Vulnerabilities section the following encryption algorithms and key lengths are recommended for the data types discussed: Information Type
Key exchange
Encryption
Data Signing
Aircraft control information
SMK
ChaCha20
HMAC-SHA512
Airline operational information
RSA-4096
AES-192
HMAC-SHA256
Airline administrative information
RSA-4096
AES-128
HMAC-SHA256
Airline passenger information
RSA-2048
AES-256
HMAC-SHA512
The values above are based off of recommendations from NIST. Due to the possibility of losing communications with ground stations and the high availability requirements, pre-shared keys using a symmetric master key is recommended for aircraft controls (Barker, E., Barker, W., Burr, Polk, & Smid, 2007). As the propagation of a single error through multiple blocks of control messages is unacceptable, ChaCha20, the only stream encipherment protocol in TLS, is selected. For the remaining data types, the time period during which it will be relevant and consequences for loss are balanced against operational requirements (Barker & Roginsky, 2011). Operational and administrative information is relatively ephemeral and represents a low risk if compromised, thus they are encrypted using shorter key lengths than passenger information, which must be protected for a longer period of time. The longer signing keys for aircraft control and passenger information are in response to the real danger created by falsifying either a control signal or passenger manifest.
16 DELTA GOOD GOES AROUND
Intrusion Detection and Prevention The multiple interfaces between external parties and Delta’s network provide entry points requiring unique solutions. Reservation and ticket purchasing systems provide the most standard interface. Given that it is a bridge between the constantly evolving exploit ecosystem and core network servers, anomaly-based network intrusion prevention system should be placed in the demilitarized zone between the web servers and key databases (Scarfone & Mell, 2007). Similar steps should be taken to secure connections between the mobile application servers, although a different variety of threats are likely to present themselves there, resulting in different training needed for the anomaly detection engine. The interface between company assets, such as aircraft, baggage handling, and gate readers, is likely to encounter more static threats, but cannot suffer as high a false-positive rate for incorrectly identified threats. For these reasons a signature-based network intrusion detection would be preferable to track known threats. Wireless networks present a different entry point which much be protected against. Typically the networks are run in open mode to customers with authentication performed against the network interface card MAC, as distributing and keeping secret a pre-shared key would be inconvenient. Employing an enterprise WPA solution using 802.1x certificates would be feasible for internal use, but a wireless IDPS would still be recommended in the event this authentication scheme is circumvented. A signature-based network device would find its greatest use in detecting rouge access points, set up accidentally or for malicious purposes (Scarfone & Mell, 2010). This has shown to be a tactic used to collect personal information on public networks, such as those found in airports. Check-in kiosks represent and interesting, but lower threat, entry point. They have the greatest potential for physical surveillance by security personnel, but are also trusted assets directly connected to the network, and have high availability and bandwidth requirements. A signaturebased host intrusion prevention would provide a high level of protection to the individual unit without the risk of customer frustration from falsely identified intrusion attempts. The physical
17 DELTA GOOD GOES AROUND access required to such a device makes difficult the reconnaissance required to find an exploit not covered by the system’s signature files.
Conclusion Delta Airlines has established a far ranging network. While doing so, their architecture, the features they offer their customers, and the services required by their employees and partner agencies result in vulnerable points in their network. These vulnerabilities are not insurmountable, but can be contained and mitigated through a combination of authentication, access control, and intrusion detection and protection technologies. Where it is not cost effective or arduous to take these steps, insurance or threat avoidance strategies should be taken to mitigate the threat as much as possible.
18 DELTA GOOD GOES AROUND
References Anderson, R. H. & Jacob, P. A. (2016, February 5). United States Security and Exchange Commission Form 10-K. Retrieved from http://www.annualreports.com/HostedData/AnnualReports/PDF/NYSE_DAL_2015.pdf Barker, E., Barker, W., Burr, W., Polk, W., & Smid, M. (2007). Recommendation for Key Management – Part 1: General (SP 800-57). Gaithersburg, MD: National Institute of Science and Technology. Barker, E. B., & Roginsky, A. L. (2011). Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths (SP 800-131A). Gaithersburg, MD: National Institute of Science and Technology. Bastian, E. (2016, December 15). Investor Day 2016 [Slideshow]. Retrieved from Brewin, B. (2000). Airlines Compete in Wireless LAN Space. Computerworld, 34(41), 12. California Attorney General Sues Delta Airlines for Failure to Comply with State Mobile App Privacy Law. (2013). Computer & Internet Lawyer, 30(3), 26. Corporate Stats and Facts. (2017, March 1). Retrieved March 05, 2017, from http://news.delta.com/corporate-stats-and-facts COST RECOVERY FEE: DELTA AIR LINES. (2007, August 1). Retrieved March 02, 2017, from http://www.delta.com/content/www/en_US/legal/booking-policy/cost-recovery-fee.html Croft, J. (2016). Safety Culture Is Personal At Anderson's Delta. Aviation Week & Space Technology, 1. Delta Airlines. (2013, January 3). COOKIES, PRIVACY & SECURITY. Retrieved March 04, 2017, from Delta Airlines flight operations return to normal. (2016). Delta News Hub. Retrieved February 15, 2017, from http://news.delta.com/deltas-flight-operations-return-normal
19 DELTA GOOD GOES AROUND Doherty, N. F., Anastasakis, L., & Fulford, H. (2011). Reinforcing the security of corporate information resources: A critical review of the role of the acceptable use policy. International journal of information management, 31(3), 201-209. Ewalt, D. M. (2013). The Results Are In, And Airline Revenues Are Growing. Forbes.Com, 32. Halpern, M. (2016, September 30). Did a Cyber Attack Ground Delta Airlines? Observer. Retrieved from Hackathorn, R. (2002). Current practices in active data warehousing. Bolder Technology, Inc. Hodges, J., Jackson, C., & Barth, A. (2012). HTTP strict transport security (HSTS) (No. RFC 6797). Laursen, K. (2015). A type system for checking information flows in distributed systems [Master’s thesis]. Technical University of Denmark. Meehan, M. (2001, April 16). Delta to change core technology. Retrieved March 02, 2017, from http://www.computerworld.com/article/2592330/app-development/delta-to-change---coretechnology.html Riley, M. & Robertson, J. (2015, July 29). China-Tied Hackers That Hit U.S. Said to Breach United Airlines. Bloomberg. Retrieved from https://www.bloomberg.com/news/articles/2015-0729/china-tied-hackers-that-hit-u-s-said-to-breach-united-airlines Ross, J., Weill, P., & Robertson, D. (2006). Enterprise Architecture Strategy: Creating a Foundation for Business Execution. Boston, MA: Harvard Business School Press. Sabherwal, R. and Becerra-Fernandez, I. (2011). Business Intelligence: Practices, Technologies, and Management (pp. 66-67). Hoboken, NJ: John Wiley & Sons. Sampigethaya, K., Poovendran, R., & Bushnell, L. (2008). Secure Operation, Control, and Maintenance of Future E-Enabled Airplanes. Proceedings of the IEEE, 96(12). Scarfone, K., & Mell, P. (2007). Guide to Intrusion Detection and Prevention Systems (IDPS) (SP 800-94). Gaithersburg, MD: National Institute of Science and Technology.
20 DELTA GOOD GOES AROUND Scarfone, K., & Mell, P. (2010). Intrusion detection and prevention systems. In Handbook of Information and Communication Security (pp. 177-192). Springer Berlin Heidelberg. Scroxton, A. (2016, August 8). IT failure grounds Delta flights worldwide. ComputerWeekly. Retrieved from http://www.computerweekly.com Souppaya, M., & Scarfone, K. (2016). Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security. NIST Special Publication, 800, 46. Southan, J. (2016). Hack attack. Business Traveller (Asia-Pacific Edition), 36-39. Tenable. (2017, March 15). Nessus Vulnerability Scanner. Retrieved March 16, 2017, from https://www.tenable.com/products/nessus-vulnerability-scanner TRADEMARKS & SLOGANS. (n.d.). Retrieved March 03, 2017, from http://www.delta.com/content/www/en_US/about-delta/corporate-information/trademarksslogans.html ViewDNS.info. (2017). Reverse Whois Lookup [Database search]. Retrieved on March 16, 2017, from Whois Record for Delta.com. (2016, October 5). Domaintools [online database query]. Retrieved February 2, 2017, from http://whois.domaintools.com/delta.com
Lihat lebih banyak...
Comentarios
